Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: login -hder Mouse (mouseCollatz.McRCIM.McGill.EDU)
Thu, 8 Dec 1994 12:22:42 -0500
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Walker Aumann: "Re: Race conditions"
- Previous message: Robert M. Haas: "Re: login -h"
- Maybe in reply to: Bonfield James: "login -h"
- Next in thread: Alexander Haiut: "Re: login -h"
> I don't think anyone should rely on wtmp for any kind of security. > Whatof rsh? If you're going to be paranoid about security, you should blow away anything that lets people in unauthenticated, like rsh. Quite aside from that, > Its easy enough to do a rsh <host> xterm -ut -display <foo> and avoid > wtmp detection. Or more simply, rsh <host> csh -fi, which I have used when for some reason rlogin didn't work (eg, out of ptys) and I needed a shell on the machine to fix things. > The -ut flag tells xterm to not make a entry in utmp and it never > considers making a wtmp entry. I suppose because it never has > permissions to. xterm is capable of writing a wtmp entry on almost any system on which it can write utmp entries. (The exceptions are those where (a) xterm is not setuid-root, (b) utmp is world writable, and (c) wtmp isn't world writable.) > The rsh server would have to make the wtmp entry. Which is odd it > doesn't because it does if envoke a shell with it. Hmmmm... Given the current wtmp design, it shouldn't write a wtmp entry because there's nothing to put in the ut_line field. One could invent something, I suppose.... der Mouse mousecollatz.mcrcim.mcgill.edu